Data breach in the StudiCloud

23.03.2024
AKTUELL

The AStA hereby informs you about a data breach in which data of students and external persons were probably made accessible to unauthorised persons:

What happened?

Several files containing information on internal financial data of the constituted student body of the University of Rostock from the years 2020 and 2021 were publicly available for four months in the StudiCloud, the cloud for student committees of the University of Rostock.
The reason for this event and its late discovery lies in the release structure of documents in StudiCloud. It is often not possible to see exactly who has access to which documents. Therefore, it was not realised that the above-mentioned documents were available to the university public.

When did it happen?

The incident was noticed in the night from 20 March to 21 March 2024. The documents had been available to the university since November 2023.

What data is affected?

In detail, the files contain the following personal data

  • Date of the transfer
  • Surname and first name
  • Payment subject
  • Transfer amount
  • IBAN and BIC in three cases
  • Signatures in three cases
  • Who has received the data?

The StudiCloud can be accessed by anyone who has a corresponding account at the University of Rostock. It is no longer possible to prove who actually accessed the documents, as the StudiCloud log data does not go back far enough.

What measures have already been taken to limit the damage?

The subfolder containing the documents has been deleted.

Awareness of the release of documents in the StudiCloud is being raised once again.
In particular, we are working on a better concept for processing data protection incidents to improve the implementation of measures and communication in the event of data protection incidents.

The StudiCloud settings for sharing documents will soon be revised to make the public settings clearer. The aim of this is to ensure that such errors can be avoided completely at best, but at least recognised at an early stage.

It is also planned to check all other documents in the StudiCloud for public access in a timely manner. However, it cannot be assumed that any other documents related to this incident are still publicly available at the university, as the folder in question has been completely deleted.

Posted by techast on in AKTUELL

Kalender

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
1
2
3
4
5
6
7
8
9
10
7:00 PM - StuRa Sitzung
11
12
13
14
15
16
17
18
19
20
21
22
23
24
7:00 PM - StuRa Sitzung
25
26
27
28
1
2
3
4
5
6
7
StuRa Sitzung
10 Feb
10.02.2021    
19:00
More Info
StudierendenEcke
19 Feb
19.02.2021    
17:00-18:00
StudierendenEcke is a room made for small talks. We do not have any event so be creative and make yours. Join -> Introduce -> get [...]
More Info
StuRa Sitzung
24 Feb
24.02.2021    
19:00
More Info
Basistraining zur Teamer*in in der politischen Bildung
03 Mar
03.03.2021-05.03.2021    
Ganztägig
digital
Weitere Details findest du unter: https://soziale-bildung.org/basistraining-vom-3-03-bis-5-03-2021/
More Info
Events on 10.02.2021
10 Feb
StuRa Sitzung
10 Feb 21
Events on 19.02.2021
19 Feb
StudierendenEcke
19 Feb 21
Events on 24.02.2021
24 Feb
StuRa Sitzung
24 Feb 21
Events on 03.03.2021
03 Mar
Basistraining zur Teamer*in in der politischen Bildung
3 Mar 21
Rostock